Sometimes, it would be useful to relax the Java security manager to allow connection to secure HTTP server using self-signed certificate, especially during development phase. To avoid Java exception on HTTPS connection, it's possible to add self signed certificate to the Java trusted X509 certificate repository using Java keystore command line tool:

But this can be painful, even more if the application must be tested with various servers using self-signed or bad defined certificate. And if a server is using a certificate with a hostname different from the one you use to test it, it will still fail.

It's also possible to change the TrustManager? and HostnameVerifier? in Java code, but the API did change from JDK 1.3 and 1.4. Unfortunately, the old deprecated "com.sun.net.ssl" is still available, making setting of a custom TrustManager? and HostnameVerifier? a bit difficult.

So I've created an utility class that allow relaxing of the SSL trust rules. Simply add it to a package, an application or a framework, and call:

SSLUtilities.trustAllHostnames() to turn off the default hostname verification on HTTPS connection;

SSLUtilities.trustAllHttpsCertificates() to turn off the default certificate validation on HTTPS connection.